CWE-73 (External Control of File Name or Path) — Vulnerability Class 311

311 vulnerabilities classified as CWE-73 (External Control of File Name or Path). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2026-41177 | Squidex has Blind SSRF via file:// Protocol in Restore API leading to Local File Interaction — squidex | 5.5 | Medium | 2026-04-22 |
| CVE-2026-4132 | HTTP Headers <= 1.19.2 - Authenticated (Administrator+) External Control of File Name or Path to RCE via 'hh_htpasswd_path' and 'hh_www_authenticate_user' Parameters — HTTP Headers | 7.2 | High | 2026-04-22 |
| CVE-2026-41389 | OpenClaw 2026.4.7 < 2026.4.15 - Arbitrary File Read via Unvalidated Tool-Result Media Paths — OpenClaw | 5.8 | Medium | 2026-04-20 |
| CVE-2026-35465 | SecureDrop Client has path injection in read_gzip_header_filename() — securedrop-client | 7.5 | High | 2026-04-18 |
| CVE-2026-39907 | Unisys WebPerfect Image Suite 3.0 NTLMv2 Hash Leakage via WCF SOAP — WebPerfect Image Suite | 9.8 | - | 2026-04-14 |
| CVE-2026-5809 | wpForo Forum <= 3.0.2 - Authenticated (Subscriber+) Arbitrary File Deletion via 'data[body][fileurl]' Parameter — wpForo Forum | 7.1 | High | 2026-04-11 |
| CVE-2026-5054 | NoMachine External Control of File Path Local Privilege Escalation Vulnerability — NoMachine | 7.8 (AI) | High (AI) | 2026-04-11 |
| CVE-2026-5053 | NoMachine External Control of File Path Arbitrary File Deletion Vulnerability — NoMachine | 7.1 (AI) | High (AI) | 2026-04-11 |
| CVE-2025-65115 | Remote Code Execution Vulnerability in JP1/IT Desktop Management 2 and JP1/NETM/DM — JP1/IT Desktop Management 2 - Manager | 8.8 | High | 2026-04-07 |
| CVE-2026-23898 | Joomla! Core - [20260305] - Arbitrary file deletion in com_joomlaupdate — Joomla! CMS | 9.1 (AI) | Critical (AI) | 2026-04-01 |
| CVE-2026-5210 | SourceCodester Leave Application System file inclusion — Leave Application System | 7.3 | High | 2026-03-31 |
| CVE-2026-0965 | Libssh: libssh: denial of service via improper configuration file handling — Red Hat Enterprise Linux 10 | 5.5 | - | 2026-03-26 |
| CVE-2026-33354 | AVideo has an authenticated arbitrary local file read via `chunkFile` path injection in `aVideoEncoder.json.php` — AVideo | 7.6 | High | 2026-03-23 |
| CVE-2019-25618 | AdminExpress 1.2.5 Denial of Service via System Compare — AdminExpress | 6.2 | Medium | 2026-03-22 |
| CVE-2026-2351 | Task Manager <= 3.0.2 - Authenticated (Subscriber+) Arbitrary File Read — Task Manager | 6.5 | Medium | 2026-03-21 |
| CVE-2026-32749 | SiYuan importSY/importZipMd: Path Traversal via multipart filename enables arbitrary file write — siyuan | 7.6 | High | 2026-03-19 |
| CVE-2019-25472 | IntelBras Telefone IP TIP200/200 LITE Arbitrary File Read via dumpConfigFile — Telefone IP TIP 200 | 7.5 | High | 2026-03-11 |
| CVE-2026-30903 | Zoom Workplace security vulnerability — Zoom Workplace | 9.6 | Critical | 2026-03-11 |
| CVE-2026-24287 | Windows Kernel Elevation of Privilege Vulnerability — Windows 10 Version 1809 | 7.8 | High | 2026-03-10 |
| CVE-2026-25605 | Siemens SICAM SIAPP SDK security vulnerability — SICAM SIAPP SDK | 6.7 | Medium | 2026-03-10 |
| CVE-2026-25573 | Siemens SICAM SIAPP SDK security vulnerability — SICAM SIAPP SDK | 7.4 | High | 2026-03-10 |
| CVE-2026-29611 | OpenClaw < 2026.2.14 - Local File Inclusion via mediaPath Parameter in BlueBubbles Media Handling — OpenClaw | 7.5 | High | 2026-03-05 |
| CVE-2026-28459 | OpenClaw < 2026.2.12 - Arbitrary File Write via Untrusted sessionFile Path — OpenClaw | 7.1 | High | 2026-03-05 |
| CVE-2026-28442 | ZimaOS: Arbitrary Deletion of Internal System Files via API Path Manipulation — ZimaOS | 8.6 | High | 2026-03-05 |
| CVE-2026-28286 | ZimaOS: Unauthorized Creation of Files/Folders in Restricted System Directories via API — ZimaOS | 8.6 | High | 2026-03-02 |
| CVE-2026-27211 | Cloud Hypervisor: Host File Exfiltration via QCOW Backing File Abuse — cloud-hypervisor | 8.4 (AI) | High (AI) | 2026-02-21 |
| CVE-2026-26975 | Music Assistant Server Path Traversal in Playlist Update API Allows Remote Code Execution — server | 8.8 | High | 2026-02-20 |
| CVE-2026-27008 | OpenClaw hardened the skill download target directory validation — openclaw | 7.7 | - | 2026-02-19 |
| CVE-2026-26360 | Dell Unisphere for PowerMax security vulnerability — Unisphere for PowerMax | 8.1 | High | 2026-02-19 |
| CVE-2026-26359 | Dell Unisphere for PowerMax security vulnerability — Unisphere for PowerMax | 8.8 | High | 2026-02-19 |

Vulnerabilities classified as CWE-73 (External Control of File Name or Path) represent 311 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.